2.2.2.2.9 DPAPI-NG Datum
The DPAPI-NG datum encapsulates the parameters necessary to decrypt a DPAPI-NG protector (ProtectorType of 0x0003).
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
EFSX_Datum |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
DpapiNgFlags |
Data_Fields (variable) |
||||||||||||||||||||||||||||||
... |
EFSX_Datum (8 bytes): This field MUST be formatted as specified in section 2.2.2.2.2. The datum Type MUST be EFSX_TYPE_DPAPI_NG_DATA (0x0007). The datum Flags SHOULD include 0x0002, indicating a complex datum.
DpapiNgFlags (2 bytes): This field is reserved and SHOULD be set to 0x0000.
Data_Fields (variable): This field contains any number of nested EFSX_Datum structures. The nested datum structures MUST NOT overlap and MUST be entirely contained within the DPAPI-NG datum. This field SHOULD contain at least one datum structure, each of which MUST be of type EFSX_TYPE_BLOB (0x0001), MUST have a Role of 0x0007, and MUST have BlobType of 0x0005.